VYPR
High severity · NVD Advisory · Published Feb 7, 2023 · Updated Mar 10, 2025

Persisted Cross-Site Scripting in Frontend Rendering in typo3

CVE-2023-24814

Description

TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component GeneralUtility::getIndpEnv() uses the unfiltered server environment variable PATH_INFO, which allows attackers to inject malicious content. In combination with the TypoScript setting config.absRefPrefix=auto, attackers can inject malicious HTML code into pages that have not yet been rendered and cached. As a result, the injected values are cached and delivered to other website visitors (persisted cross-site scripting). Individual code which relies on the resolved value of GeneralUtility::getIndpEnv('SCRIPT_NAME') and corresponding usages (as shown below) is vulnerable as well. Additional investigations confirmed that at least Apache web server deployments using CGI (FPM, FCGI/FastCGI, and similar) are affected. However, there is still a risk that other scenarios such as nginx, IIS, or Apache/mod_php are vulnerable.

The usage of the server environment variable PATH_INFO has been removed from the corresponding processing in GeneralUtility::getIndpEnv(). Besides that, the public property TypoScriptFrontendController::$absRefPrefix is encoded both for use as a URI component and for use as a prefix in an HTML context. This mitigates the cross-site scripting vulnerability.

Users are advised to update to TYPO3 versions 8.7.51 ELTS, 9.5.40 ELTS, 10.4.35 LTS, 11.5.23 LTS and 12.2.0, which fix this problem. Users who are unable to patch in a timely manner should at least set the TypoScript setting config.absRefPrefix to a static path value instead of auto, e.g. config.absRefPrefix=/. This workaround does not fix all aspects of the vulnerability and is only considered an intermediate mitigation of the most prominent manifestation.
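The two encodings the description refers to, as an added illustration that is not TYPO3's own code: per-segment percent-encoding of the entry-script path (the URI-component side) and HTML-attribute encoding of the resulting absRefPrefix (the HTML-context side), run on a constructed SCRIPT_NAME. The function names and the sample markup are this example's own; the encoding approach mirrors the fix commit.

```php
<?php
declare(strict_types=1);

// Added illustration, not TYPO3 code. Function names are this example's own.

/**
 * Percent-encode each path segment and keep the '/' separators, so a path
 * delivered by the web server can be used as a URL path component.
 * Same approach as the helper introduced by the fix commit.
 */
function encodePathForUrl(string $path): string
{
    return implode('/', array_map('rawurlencode', explode('/', $path)));
}

/** Encode a URL prefix for use inside a double-quoted HTML attribute value. */
function encodePrefixForHtml(string $prefix): string
{
    return htmlspecialchars($prefix, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/**
 * What config.absRefPrefix=auto boils down to: the directory of the entry
 * script with a trailing slash. Whether the result is safe depends entirely
 * on what was fed in.
 */
function absRefPrefixFrom(string $scriptName): string
{
    $dir = dirname($scriptName);
    return $dir === '/' ? '/' : $dir . '/';
}

/**
 * Rewrite one relative asset reference the way the frontend controller does
 * when it prefixes asset paths in the rendered (and later cached) page.
 */
function prefixAssetReference(string $html, string $absRefPrefix): string
{
    return str_replace(
        '"_assets/',
        '"' . encodePrefixForHtml($absRefPrefix) . '_assets/',
        $html
    );
}

// Constructed SCRIPT_NAME. A correctly configured SAPI only ever delivers a
// plain path here; this one carries a colon, a quote and an angle bracket so
// that each encoding layer's effect on them is visible.
$scriptName = '/sub:dir"<x/index.php';
$page       = '<link rel="stylesheet" href="_assets/site.css">';

// Before the fix: the raw path is used as the prefix and written into markup
// verbatim, so the quote terminates the href attribute early.
$unsafePrefix = absRefPrefixFrom($scriptName);
echo str_replace('"_assets/', '"' . $unsafePrefix . '_assets/', $page), PHP_EOL;

// After the fix, layer 1: the script path is percent-encoded per segment,
// so ':', '"' and '<' become %XX sequences before any prefix is derived.
$safePrefix = absRefPrefixFrom(encodePathForUrl($scriptName));
echo $safePrefix, PHP_EOL;

// Layer 2: the prefix is HTML-encoded again when written into attributes.
// For the already percent-encoded prefix this is a no-op; for a static
// config.absRefPrefix that an operator typed by hand it still neutralises
// quotes and angle brackets.
echo prefixAssetReference($page, $safePrefix), PHP_EOL;
echo prefixAssetReference($page, '/static"dir/'), PHP_EOL;
```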

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

TYPO3 frontend rendering is vulnerable to persisted cross-site scripting via unfiltered PATH_INFO in combination with dynamic absRefPrefix, allowing cached malicious content.

Vulnerability

Overview

The vulnerability resides in TYPO3's GeneralUtility::getIndpEnv() method, which uses the unfiltered server environment variable PATH_INFO. When combined with the TypoScript setting config.absRefPrefix=auto, an attacker can inject malicious HTML content into pages that have not yet been rendered and cached. [1][4] The injected content is then cached and delivered to subsequent visitors, leading to persisted cross-site scripting (XSS). [1] Additionally, any code relying on getIndpEnv('SCRIPT_NAME') or related values is also potentially vulnerable. [4]

Exploitation

Conditions

Exploitation requires the target site to use config.absRefPrefix=auto and to run on a web server that passes PATH_INFO to PHP, such as Apache with CGI/FPM, FCGI, or FastCGI. [1] The attacker must be able to craft a request that includes malicious input in the PATH_INFO portion of the URL. [4] The injection occurs before the page is fully rendered and cached, so the first request to a not-yet-cached page can poison the cache. [1]

Impact

A successful attack results in stored XSS that affects all users viewing the poisoned page. [1] The vulnerability is rated High (CVSS 3.1 base score 8.2) according to the TYPO3 advisory. [4] Attackers can execute arbitrary JavaScript in the context of the victim's session, potentially leading to data theft, session hijacking, or defacement. [4]

Mitigation

TYPO3 has released patched versions: 8.7.51 ELTS, 9.5.40 ELTS, 10.4.35 LTS, 11.5.23 LTS, and 12.2.0. [1] The fix removes the use of PATH_INFO in getIndpEnv() and encodes the absRefPrefix property to prevent XSS. [3] For users unable to patch immediately, setting config.absRefPrefix to a static path (e.g., /) is a partial workaround, but it does not fully address all attack vectors. [1] The TYPO3 Security Advisory (TYPO3-CORE-SA-2023-001) provides full details. [4]

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                     Affected versions       Patched versions
typo3/cms-core (Packagist)  >= 12.0.0, < 12.2.0     12.2.0
typo3/cms-core (Packagist)  >= 11.0.0, < 11.5.23    11.5.23
typo3/cms-core (Packagist)  >= 10.0.0, < 10.4.36    10.4.36
typo3/cms-core (Packagist)  >= 9.0.0, < 9.5.40      9.5.40
typo3/cms-core (Packagist)  >= 8.7.0, < 8.7.51      8.7.51
typo3/cms (Packagist)       >= 10.0.0, < 10.4.35    10.4.35
typo3/cms (Packagist)       >= 11.0.0, < 11.5.23    11.5.23
typo3/cms (Packagist)       >= 12.0.0, < 12.2.0     12.2.0

Affected products (4)

Patches (1)

0005a6fd86ab

[SECURITY] Prevent XSS due to wrong PATH_INFO evaluation

https://github.com/TYPO3/typo3 · Benjamin Franzke · Feb 7, 2023 · via ghsa
8 files changed · +55 -119
  • typo3/sysext/core/Classes/Core/SystemEnvironmentBuilder.php  +5 -11  modified
    @@ -255,23 +255,17 @@ protected static function getPathThisScript(bool $isCli)
         }
     
         /**
    -     * Calculate path to entry script if not in cli mode.
    -     *
    -     * Depending on the environment, the script path is found in different $_SERVER variables.
    +     * Return path to entry script if not in cli mode.
          *
          * @return string Absolute path to entry script
          */
         protected static function getPathThisScriptNonCli()
         {
    -        $isCgi = Environment::isRunningOnCgiServer();
    -        if ($isCgi && Environment::usesCgiFixPathInfo()) {
    -            return $_SERVER['SCRIPT_FILENAME'];
    -        }
    -        $cgiPath = $_SERVER['ORIG_PATH_TRANSLATED'] ?? $_SERVER['PATH_TRANSLATED'] ?? '';
    -        if ($cgiPath && $isCgi) {
    -            return $cgiPath;
    +        if (Environment::isRunningOnCgiServer() && !Environment::usesCgiFixPathInfo()) {
    +            throw new \Exception('TYPO3 does only support being used with cgi.fix_pathinfo=1 on CGI server APIs.', 1675108421);
             }
    -        return $_SERVER['ORIG_SCRIPT_FILENAME'] ?? $_SERVER['SCRIPT_FILENAME'];
    +
    +        return $_SERVER['SCRIPT_FILENAME'];
         }
     
         /**
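Review bot: the new hard failure in getPathThisScriptNonCli() is undocumented: the docblock now just says "Return path to entry script" while the method throws on CGI SAPIs without cgi.fix_pathinfo=1, which turns a php.ini setting into a fatal error on every request. Add a `@throws \Exception` line naming the requirement, consider a dedicated exception class, and give the message something an operator can act on ("set cgi.fix_pathinfo=1 in php.ini"); "does only support" should read "only supports". The removed ORIG_SCRIPT_FILENAME / PATH_TRANSLATED fallbacks are what carried wrapper-dispatched CGI setups until now, so the commit message or release notes should state that those setups must rely on SCRIPT_FILENAME alone from here on.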
    
  • typo3/sysext/core/Classes/Http/NormalizedParams.php  +12 -16  modified
    @@ -311,12 +311,13 @@ public function __construct(array $serverParams, array $configuration, string $p
             $requestHost = $this->requestHost = ($isHttps ? 'https://' : 'http://') . $httpHost;
             $requestHostOnly = $this->requestHostOnly = self::determineRequestHostOnly($httpHost);
             $this->requestPort = self::determineRequestPort($httpHost, $requestHostOnly);
    -        $scriptName = $this->scriptName = self::determineScriptName(
    +        $scriptNameOnFileSystem = self::determineScriptName(
                 $serverParams,
                 $configuration,
                 $isHttps,
                 $isBehindReverseProxy
             );
    +        $scriptName = $this->scriptName = self::encodeFileSystemPathComponentForUrlPath($scriptNameOnFileSystem);
             $requestUri = $this->requestUri = self::determineRequestUri(
                 $serverParams,
                 $configuration,
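Review bot: encodeFileSystemPathComponentForUrlPath() is applied to the return value of determineScriptName(), i.e. after the reverseProxyPrefix / reverseProxyPrefixSSL configuration has been prepended, so an operator-configured prefix is percent-encoded as well, and a prefix that is already percent-encoded is double-encoded ('%' becomes '%25'). Either document that both settings must be plain, unencoded paths, or encode only the SCRIPT_NAME part before the prefix is added; the NormalizedParamsTest data provider has no case that combines a proxy prefix with characters outside the unreserved set.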
    @@ -329,7 +330,7 @@ public function __construct(array $serverParams, array $configuration, string $p
             $requestDir = $this->requestDir = $requestHost . GeneralUtility::dirname($scriptName) . '/';
             $this->remoteAddress = self::determineRemoteAddress($serverParams, $configuration, $isBehindReverseProxy);
             $scriptFilename = $this->scriptFilename = $pathThisScript;
    -        $this->documentRoot = self::determineDocumentRoot($scriptName, $scriptFilename);
    +        $this->documentRoot = self::determineDocumentRoot($scriptNameOnFileSystem, $scriptFilename);
             $siteUrl = $this->siteUrl = self::determineSiteUrl($requestDir, $pathThisScript, $pathSite . '/');
             $this->sitePath = self::determineSitePath($requestHost, $siteUrl);
             $this->siteScript = self::determineSiteScript($requestUrl, $siteUrl);
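Review bot: $requestDir two lines up is still derived from the encoded $scriptName via GeneralUtility::dirname(), which is the right input for a URL, while $this->documentRoot now takes the unencoded $scriptNameOnFileSystem; a one-line comment at this call site saying why two neighbouring calls use different variants of the same value would save the next reader a trip into determineDocumentRoot().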
    @@ -344,6 +345,11 @@ public function __construct(array $serverParams, array $configuration, string $p
             $this->queryString = $serverParams['QUERY_STRING'] ?? '';
         }
     
    +    private static function encodeFileSystemPathComponentForUrlPath(string $path): string
    +    {
    +        return implode('/', array_map('rawurlencode', explode('/', $path)));
    +    }
    +
         /**
          * @return string Sanitized HTTP_HOST value host[:port]
          */
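Review bot: the new helper has no docblock. State that it expects a raw, not yet percent-encoded path, that it encodes every segment with rawurlencode() and deliberately keeps the '/' separators (the empty leading segment survives because rawurlencode('') is ''), and that the result is only valid as a URL path component, not in an HTML context; the name alone does not say which of these guarantees a caller may rely on.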
    @@ -632,17 +638,7 @@ protected static function determineScriptName(
             bool $isHttps,
             bool $isBehindReverseProxy
         ): string {
    -        // see https://forge.typo3.org/issues/89312
    -        // When using a CGI wrapper to dispatch the PHP process `ORIG_SCRIPT_NAME`
    -        // contains the name of the wrapper script (which is most probably outside
    -        // the TYPO3's project root) and leads to invalid prefixes, e.g. resolving
    -        // the `siteUrl` incorrectly as `http://ip10.local/fcgi/` instead of
    -        // actual `http://ip10.local/`
    -        $possiblePathInfo = ($serverParams['ORIG_PATH_INFO'] ?? '') ?: ($serverParams['PATH_INFO'] ?? '');
    -        $possibleScriptName = ($serverParams['ORIG_SCRIPT_NAME'] ?? '') ?: ($serverParams['SCRIPT_NAME'] ?? '');
    -        $scriptName = Environment::isRunningOnCgiServer() && $possiblePathInfo
    -            ? $possiblePathInfo
    -            : $possibleScriptName;
    +        $scriptName = $serverParams['SCRIPT_NAME'] ?? '';
             if ($isBehindReverseProxy) {
                 // Add a prefix if TYPO3 is behind a proxy: ext-domain.com => int-server.com/prefix
                 if ($isHttps && !empty($configuration['reverseProxyPrefixSSL'])) {
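Review bot: the forge #89312 comment disappears together with the PATH_INFO preference, but the reason SCRIPT_NAME can now be trusted on CGI SAPIs (cgi.fix_pathinfo=1 is enforced in SystemEnvironmentBuilder::getPathThisScriptNonCli() in this same commit) lives in another file. Add a one-line comment here pointing at that guarantee so nobody reintroduces a PATH_INFO or ORIG_SCRIPT_NAME fallback to "fix" the wrapper case again, and note in the docblock that this method returns the value unencoded; the encoding is applied by the constructor.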
    @@ -778,19 +774,19 @@ protected static function determineRequestPort(string $httpHost, string $httpHos
         /**
          * Calculate absolute path to web document root
          *
    -     * @param string $scriptName Entry script path of URI, without domain and without query parameters, with leading /
    +     * @param string $scriptNameOnFileSystem Entry script path of URI on file system, without domain and without query parameters, with leading /
          * @param string $scriptFilename Absolute path to entry script on server filesystem
          * @return string Path to document root with trailing slash
          */
    -    protected static function determineDocumentRoot(string $scriptName, string $scriptFilename): string
    +    protected static function determineDocumentRoot(string $scriptNameOnFileSystem, string $scriptFilename): string
         {
             // Get the web root (it is not the root of the TYPO3 installation)
             // Some CGI-versions (LA13CGI) and mod-rewrite rules on MODULE versions will deliver a 'wrong'
             // DOCUMENT_ROOT (according to our description). Further various aliases/mod_rewrite rules can
             // disturb this as well. Therefore the DOCUMENT_ROOT is always calculated as the SCRIPT_FILENAME
             // minus the end part shared with SCRIPT_NAME.
             $webDocRoot = '';
    -        $scriptNameArray = explode('/', strrev($scriptName));
    +        $scriptNameArray = explode('/', strrev($scriptNameOnFileSystem));
             $scriptFilenameArray = explode('/', strrev($scriptFilename));
             $path = [];
             foreach ($scriptNameArray as $segmentNumber => $segment) {
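Review bot: "Entry script path of URI on file system" in the new @param description reads as a contradiction; say "URL path of the entry script as delivered by the SAPI, not percent-encoded" so it is clear why this method, unlike the rest of the class, must not be handed $this->scriptName.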
    
  • typo3/sysext/core/Classes/Utility/GeneralUtility.php  +12 -16  modified
    @@ -2310,10 +2310,7 @@ public static function getIndpEnv($getEnvName)
             $retVal = '';
             switch ((string)$getEnvName) {
                 case 'SCRIPT_NAME':
    -                $retVal = Environment::isRunningOnCgiServer()
    -                    && (($_SERVER['ORIG_PATH_INFO'] ?? false) ?: ($_SERVER['PATH_INFO'] ?? false))
    -                        ? (($_SERVER['ORIG_PATH_INFO'] ?? '') ?: ($_SERVER['PATH_INFO'] ?? ''))
    -                        : (($_SERVER['ORIG_SCRIPT_NAME'] ?? '') ?: ($_SERVER['SCRIPT_NAME'] ?? ''));
    +                $retVal = $_SERVER['SCRIPT_NAME'] ?? '';
                     // Add a prefix if TYPO3 is behind a proxy: ext-domain.com => int-server.com/prefix
                     if (self::cmpIP($_SERVER['REMOTE_ADDR'] ?? '', $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP'] ?? '')) {
                         if (self::getIndpEnv('TYPO3_SSL') && $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefixSSL']) {
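Review bot: this case now duplicates NormalizedParams::determineScriptName() step for step (SCRIPT_NAME, then proxy prefix, then encoding). Since getIndpEnv() is the legacy API, consider delegating to the NormalizedParams of the current request, or to one shared static helper, so the two code paths cannot drift apart on the next security fix; two hand-maintained copies of the same sanitisation is how the original PATH_INFO handling ended up inconsistent in the first place.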
    @@ -2322,6 +2319,7 @@ public static function getIndpEnv($getEnvName)
                             $retVal = $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefix'] . $retVal;
                         }
                     }
    +                $retVal = self::encodeFileSystemPathComponentForUrlPath($retVal);
                     break;
                 case 'SCRIPT_FILENAME':
                     $retVal = Environment::getCurrentScript();
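Review bot: getIndpEnv('SCRIPT_NAME') changes its contract here: it now returns a percent-encoded URL path, and the DOCUMENT_ROOT case further down had to add rawurldecode() to compensate. Every other case in this switch that builds on SCRIPT_NAME (site path, script path, PHP_SELF-style values) should be audited for the same need, and the change belongs in the method's docblock and the release notes, because extension code that compares the value against file system paths will now mismatch for any path containing ':', a space or non-ASCII characters.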
    @@ -2350,17 +2348,7 @@ public static function getIndpEnv($getEnvName)
                     }
                     break;
                 case 'PATH_INFO':
    -                // $_SERVER['PATH_INFO'] != $_SERVER['SCRIPT_NAME'] is necessary because some servers (Windows/CGI)
    -                // are seen to set PATH_INFO equal to script_name
    -                // Further, there must be at least one '/' in the path - else the PATH_INFO value does not make sense.
    -                // IF 'PATH_INFO' never works for our purpose in TYPO3 with CGI-servers,
    -                // then 'PHP_SAPI=='cgi'' might be a better check.
    -                // Right now strcmp($_SERVER['PATH_INFO'], GeneralUtility::getIndpEnv('SCRIPT_NAME')) will always
    -                // return FALSE for CGI-versions, but that is only as long as SCRIPT_NAME is set equal to PATH_INFO
    -                // because of PHP_SAPI=='cgi' (see above)
    -                if (!Environment::isRunningOnCgiServer()) {
    -                    $retVal = $_SERVER['PATH_INFO'] ?? '';
    -                }
    +                $retVal = $_SERVER['PATH_INFO'] ?? '';
                     break;
                 case 'TYPO3_REV_PROXY':
                     $retVal = self::cmpIP($_SERVER['REMOTE_ADDR'] ?? '', $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP']);
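Review bot: dropping the !isRunningOnCgiServer() guard means getIndpEnv('PATH_INFO') now returns the raw request value on CGI SAPIs too, i.e. exactly the attacker-controlled input this fix is about, just no longer folded into SCRIPT_NAME. That is fine as long as callers treat it as untrusted, so add a docblock line stating that PATH_INFO is request-controlled and must be encoded before it is used in URLs or HTML; the deleted comment block was the only place that used to hint at this.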
    @@ -2433,7 +2421,10 @@ public static function getIndpEnv($getEnvName)
                     // Some CGI-versions (LA13CGI) and mod-rewrite rules on MODULE versions will deliver a 'wrong' DOCUMENT_ROOT (according to our description). Further various aliases/mod_rewrite rules can disturb this as well.
                     // Therefore the DOCUMENT_ROOT is now always calculated as the SCRIPT_FILENAME minus the end part shared with SCRIPT_NAME.
                     $SFN = self::getIndpEnv('SCRIPT_FILENAME');
    -                $SN_A = explode('/', strrev(self::getIndpEnv('SCRIPT_NAME')));
    +                // Use rawurldecode to reverse the result of self::encodeFileSystemPathComponentForUrlPath()
    +                // which has been applied to getIndpEnv(SCRIPT_NAME) for web URI usage.
    +                // We compare with a file system path (SCRIPT_FILENAME) in here and therefore need to undo the encoding.
    +                $SN_A = array_map('rawurldecode', explode('/', strrev(self::getIndpEnv('SCRIPT_NAME'))));
                     $SFN_A = explode('/', strrev($SFN));
                     $acc = [];
                     foreach ($SN_A as $kk => $vv) {
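Review bot: the rawurldecode() is applied after strrev(), so the percent sequences are already reversed ('%3A' has become 'A3%') and rawurldecode() leaves them untouched (or, for sequences like '%41%3A' reversed into 'A3%14%', decodes the wrong bytes). The comparison with the SCRIPT_FILENAME segments therefore still fails for any segment that needed encoding, which is precisely the case the encoding was added for. Decode before reversing, e.g. `$SN_A = explode('/', strrev(rawurldecode(self::getIndpEnv('SCRIPT_NAME'))));`, and add a unit case with a ':' or a space in the script path; NormalizedParams sidesteps this by passing the unencoded $scriptNameOnFileSystem, which is the cleaner option here as well.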
    @@ -2558,6 +2549,11 @@ protected static function webserverUsesHttps()
             return !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
         }
     
    +    protected static function encodeFileSystemPathComponentForUrlPath(string $path): string
    +    {
    +        return implode('/', array_map('rawurlencode', explode('/', $path)));
    +    }
    +
         /*************************
          *
          * TYPO3 SPECIFIC FUNCTIONS
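Review bot: this is a byte-for-byte copy of the private helper added to NormalizedParams in the same commit. Two copies of an encoding routine inside one security fix is how the next regression happens; move it to PathUtility (or make the NormalizedParams one public static) and call it from both places. It is also declared protected, so subclasses of GeneralUtility can override the encoding, which a sanitisation helper should not allow.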
    
  • typo3/sysext/core/Tests/Acceptance/Support/Extension/ApplicationEnvironment.php  +0 -1  modified
    @@ -145,7 +145,6 @@ private function createServerRequest(string $url, string $method = 'GET'): Serve
                 'SCRIPT_NAME' => '/typo3/index.php',
                 'PHP_SELF' => '/typo3/index.php',
                 'SCRIPT_FILENAME' => $docRoot . '/index.php',
    -            'PATH_TRANSLATED' => $docRoot . '/index.php',
                 'QUERY_STRING' => $requestUrlParts['query'] ?? '',
                 'REQUEST_URI' => $requestUrlParts['path'] . (isset($requestUrlParts['query']) ? '?' . $requestUrlParts['query'] : ''),
                 'REQUEST_METHOD' => $method,
    
  • typo3/sysext/core/Tests/Unit/Http/NormalizedParamsTest.php  +18 -67  modified
    @@ -360,77 +360,19 @@ public function getScriptNameReturnsExpectedValueDataProvider(): array
                     [],
                     '',
                 ],
    -            'use ORIG_SCRIPT_NAME if ORIG_PATH_INFO is set but empty' => [
    -                [
    -                    'ORIG_PATH_INFO' => '',
    -                    'PATH_INFO' => '',
    -                    'ORIG_SCRIPT_NAME' => '/orig/script/name.php',
    -                    'SCRIPT_NAME' => '/script/name.php',
    -                ],
    -                [],
    -                '/orig/script/name.php',
    -            ],
    -            'use ORIG_SCRIPT_NAME if PATH_INFO is set but empty' => [
    -                [
    -                    'PATH_INFO' => '',
    -                    'ORIG_SCRIPT_NAME' => '/orig/script/name.php',
    -                    'SCRIPT_NAME' => '/script/name.php',
    -                ],
    -                [],
    -                '/orig/script/name.php',
    -            ],
    -            'use SCRIPT_NAME if ORIG_PATH_INFO is set but empty' => [
    -                [
    -                    'ORIG_PATH_INFO' => '',
    -                    'PATH_INFO' => '',
    -                    'ORIG_SCRIPT_NAME' => '',
    -                    'SCRIPT_NAME' => '/script/name.php',
    -                ],
    -                [],
    -                '/script/name.php',
    -            ],
    -            'use SCRIPT_NAME if PATH_INFO is set but empty' => [
    -                [
    -                    'PATH_INFO' => '',
    -                    'ORIG_SCRIPT_NAME' => '',
    -                    'SCRIPT_NAME' => '/script/name.php',
    -                ],
    -                [],
    -                '/script/name.php',
    -            ],
    -            'use SCRIPT_NAME if ORIG_PATH_INFO is set' => [
    -                [
    -                    'ORIG_PATH_INFO' => '/foo/bar',
    -                    'PATH_INFO' => '',
    -                    'ORIG_SCRIPT_NAME' => '',
    -                    'SCRIPT_NAME' => '/script/name.php',
    -                ],
    -                [],
    -                '/script/name.php',
    -            ],
    -            'use SCRIPT_NAME if PATH_INFO is set' => [
    +            'use SCRIPT_NAME' => [
                     [
    -                    'PATH_INFO' => '/foo/bar',
    -                    'ORIG_SCRIPT_NAME' => '',
                         'SCRIPT_NAME' => '/script/name.php',
                     ],
                     [],
                     '/script/name.php',
                 ],
    -            'use ORIG_SCRIPT_NAME' => [
    -                [
    -                    'ORIG_SCRIPT_NAME' => '/orig/script/name.php',
    -                    'SCRIPT_NAME' => '/script/name.php',
    -                ],
    -                [],
    -                '/orig/script/name.php',
    -            ],
    -            'use SCRIPT_NAME' => [
    +            'apply URL encoding to SCRIPT_NAME' => [
                     [
    -                    'SCRIPT_NAME' => '/script/name.php',
    +                    'SCRIPT_NAME' => '/test:site/script/name.php',
                     ],
                     [],
    -                '/script/name.php',
    +                '/test%3Asite/script/name.php',
                 ],
                 'add proxy ssl prefix' => [
                     [
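Review bot: the deleted cases are collapsed into a single 'use SCRIPT_NAME' case, so the data provider no longer contains any fixture in which PATH_INFO, ORIG_PATH_INFO or ORIG_SCRIPT_NAME is set at all. Keep one regression case that sets PATH_INFO and ORIG_PATH_INFO to a value containing '<' and '"' next to a plain SCRIPT_NAME and asserts that the result equals the encoded SCRIPT_NAME; that documents CVE-2023-24814 in the suite and guards against a future fallback being reintroduced.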
    @@ -497,6 +439,14 @@ public function getRequestUriReturnsExpectedValueDataProvider(): array
                     [],
                     '/typo3/index.php?parameter=foo/bar&id=42',
                 ],
    +            'use query string and script name in special subdirectory if REQUEST_URI is not set' => [
    +                [
    +                    'QUERY_STRING' => 'parameter=foo/bar&id=42',
    +                    'SCRIPT_NAME' => '/sub:dir/typo3/index.php',
    +                ],
    +                [],
    +                '/sub%3Adir/typo3/index.php?parameter=foo/bar&id=42',
    +            ],
                 'prefix with proxy prefix with ssl if using REQUEST_URI' => [
                     [
                         'HTTP_HOST' => 'www.domain.com',
    @@ -905,7 +855,6 @@ public function getSiteUrlReturnsExpectedUrl(): void
             $serverParams = [
                 'SCRIPT_NAME' => '/typo3/index.php',
                 'HTTP_HOST' => 'www.domain.com',
    -            'PATH_INFO' => '/typo3/index.php',
             ];
             $pathThisScript = '/var/www/myInstance/Web/typo3/index.php';
             $pathSite = '/var/www/myInstance/Web';
    @@ -978,7 +927,8 @@ public function getSiteScriptReturnsExpectedPathDataProvider(): array
             return [
                 'not in a sub directory' => [
                     [
    -                    'SCRIPT_NAME' => '/typo3/index.php?id=42&foo=bar',
    +                    'SCRIPT_NAME' => '/typo3/index.php',
    +                    'REQUEST_URI' => '/typo3/index.php?id=42&foo=bar',
                         'HTTP_HOST' => 'www.domain.com',
                     ],
                     '/var/www/myInstance/Web/typo3/index.php',
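Review bot: the old fixtures put a query string into SCRIPT_NAME, which no SAPI does, so moving it to REQUEST_URI is right; but the edit is forced by the new encoding (a '?' in SCRIPT_NAME would now turn into '%3F'), which shows that any test or extension that synthesises SCRIPT_NAME with query parameters will break after this release. Worth a sentence in the change log.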
    @@ -987,7 +937,8 @@ public function getSiteScriptReturnsExpectedPathDataProvider(): array
                 ],
                 'in a sub directory' => [
                     [
    -                    'SCRIPT_NAME' => '/some/sub/dir/typo3/index.php?id=42&foo=bar',
    +                    'SCRIPT_NAME' => '/some/sub/dir/typo3/index.php',
    +                    'REQUEST_URI' => '/some/sub/dir/typo3/index.php?id=42&foo=bar',
                         'HTTP_HOST' => 'www.domain.com',
                     ],
                     '/var/www/myInstance/Web/typo3/index.php',
    @@ -1023,9 +974,9 @@ public function getSiteScriptReturnsExpectedPath(array $serverParams, string $pa
         public function getPathInfoReturnsExpectedValue(): void
         {
             $serverParams = [
    -            'PATH_INFO' => '/typo3/index.php',
    +            'PATH_INFO' => '/foo/bar',
             ];
    -        $expected = '/typo3/index.php';
    +        $expected = '/foo/bar';
             $serverRequestParameters = new NormalizedParams($serverParams, [], '', '');
             self::assertSame($expected, $serverRequestParameters->getPathInfo());
         }
    
  • typo3/sysext/core/Tests/Unit/Log/Processor/WebProcessorTest.php  +1 -2  modified
    @@ -30,9 +30,8 @@ class WebProcessorTest extends UnitTestCase
          */
         public function webProcessorAddsWebDataToLogRecord(): void
         {
    -        $_SERVER['PATH_INFO'] = '';
             $_SERVER['REQUEST_URI'] = '';
    -        $_SERVER['ORIG_SCRIPT_NAME'] = '';
    +        $_SERVER['SCRIPT_NAME'] = '';
             $_SERVER['REMOTE_ADDR'] = '';
             $_SERVER['QUERY_STRING'] = '';
             $_SERVER['SSL_SESSION_ID'] = '';
    
  • typo3/sysext/felogin/Tests/Unit/Validation/RedirectUrlValidatorTest.php  +1 -1  modified
    @@ -64,7 +64,7 @@ protected function setUp(): void
          */
         protected function setUpFakeSitePathAndHost(): void
         {
    -        $_SERVER['ORIG_PATH_INFO'] = $_SERVER['PATH_INFO'] = $_SERVER['ORIG_SCRIPT_NAME'] = $_SERVER['SCRIPT_NAME'] = $this->testSitePath . 'index.php';
    +        $_SERVER['SCRIPT_NAME'] = $this->testSitePath . 'index.php';
             $_SERVER['HTTP_HOST'] = $this->testHostName;
     
             $request = ServerRequestFactory::fromGlobals();
    
  • typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php  +6 -5  modified
    @@ -2423,23 +2423,24 @@ protected function setAbsRefPrefix()
             if (!$this->absRefPrefix) {
                 return;
             }
    +        $encodedAbsRefPrefix = htmlspecialchars($this->absRefPrefix, ENT_QUOTES | ENT_HTML5);
             $search = [
                 '"_assets/',
                 '"typo3temp/',
                 '"' . PathUtility::stripPathSitePrefix(Environment::getExtensionsPath()) . '/',
                 '"' . PathUtility::stripPathSitePrefix(Environment::getFrameworkBasePath()) . '/',
             ];
             $replace = [
    -            '"' . $this->absRefPrefix . '_assets/',
    -            '"' . $this->absRefPrefix . 'typo3temp/',
    -            '"' . $this->absRefPrefix . PathUtility::stripPathSitePrefix(Environment::getExtensionsPath()) . '/',
    -            '"' . $this->absRefPrefix . PathUtility::stripPathSitePrefix(Environment::getFrameworkBasePath()) . '/',
    +            '"' . $encodedAbsRefPrefix . '_assets/',
    +            '"' . $encodedAbsRefPrefix . 'typo3temp/',
    +            '"' . $encodedAbsRefPrefix . PathUtility::stripPathSitePrefix(Environment::getExtensionsPath()) . '/',
    +            '"' . $encodedAbsRefPrefix . PathUtility::stripPathSitePrefix(Environment::getFrameworkBasePath()) . '/',
             ];
             // Process additional directories
             $directories = GeneralUtility::trimExplode(',', $GLOBALS['TYPO3_CONF_VARS']['FE']['additionalAbsRefPrefixDirectories'], true);
             foreach ($directories as $directory) {
                 $search[] = '"' . $directory;
    -            $replace[] = '"' . $this->absRefPrefix . $directory;
    +            $replace[] = '"' . $encodedAbsRefPrefix . $directory;
             }
             $this->content = str_replace(
                 $search,
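Review bot: the HTML encoding only reaches the local $encodedAbsRefPrefix used in this str_replace(); the public property $this->absRefPrefix stays raw, which is exactly the surface the advisory flags ("individual code which relies on ... corresponding usages are vulnerable as well"). Document on the property that it is an unencoded URL prefix and that consumers must htmlspecialchars() it themselves when writing markup, and pass the explicit 'UTF-8' charset argument to htmlspecialchars() so the result does not depend on default_charset. The replacement also only rewrites double-quoted attribute values, so single-quoted or unquoted attributes produced by extensions are untouched, as before.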
    

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References (10)
